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A circuit board (140) comprises a micrccontrollor 
(150) interfaced with a CCD controller (152), a ROM (154), 
a RAM (156), and an A/D converter (158) which digitizes 
the output from the CCD sensor. The CCD controller effects 
scanning of the CCD sensor to transfer sensed levels of the 
pixels of a CCD sensor (102). The microcontroller controls 
the intensity of light produced by an LED (89). An interface 
controller (160) is interfaced with the microcontroller to 
effect communication with a serial port of a computer. The 
microcontroller receives mouse input from the left and right 
mouse buttons and the X and Y sensors of a mouse and 
transmits the mouse input to the computer to effect combined 
functions of thumb print scanning and mouse control. 
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Description 

BIOMETRIC SYSTEM FOR BIOMETRIC INPUT. COMPARISON , 
AUTHENTICATION AND ACCESS CONTROL AND METHOD THEREFOR 

5 

BACKGROUND OF THE INVENTION 
Claim of Priority 

The present is a Continuation- in- Part of U.S. Patent 
Application Serial No. 09/312,002, filed on May 14, 1999, for a 
10 Biometric System for Biometric Input, Comparison, Authentication 
and Access control and Method therefor, the contents of which are 
incorporated herein by reference. 

Field of the Invention 

15 The present invention relates to a system for biometric 

input, comparison, and authentication and, more particularly, to 
a system and method for securing one or more files, including data 
files and applications, by restricting available access thereto to 
authorized individuals through the use of a biometric input 

2 0 device. The biometric input device provides a compact, yet highly 
functional configuration and an associated biometric data 
comparison system provides for controlled access to a computing 
system based upon comparison of inputed biometric data with 
biometric data stored in a database. 

25 

Description of th e Related Art 

Biometric input devices are known for use with computing 
systems. Such biometric input devices include computer mouse 
designs. Existing designs for such biometric input devices have 

30 scanning windows lacking efficient positioning structure for 
scanning positioning and protection from ambient light, and do not 
provide mechanical integration of a position sensing ball assembly 
with an optical scanning assembly maximizing reliability of 
position sensing ball operation. 

35 Biometric data comparison methods and systems are known. 

Such known systems and methods suffer from various drawbacks 
including intensive computing power requirements, intensive memory 
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requirements, slow data transfer, slow comparison, and comparison 
reliability reduction due to environmental an d physiological 
factors. Known systems also fail to provide for secure 
communication of biometric data over public lines. 

Additionally, traditional , commercially available file 
securing systems are often minimally secure, and if enhanced to 
the point of providing effective security, are rather difficult 
and/or complex to utilize, requiring a series of complex steps be 
performed, and/or requiring the secure maintenance of a password. 
Naturally, password security systems are not optimally secure 
unless very elaborate and/or require very long passwords. 
Accordingly, there is a need for a system which can be convenient 
and easy to use, but which also provides a substantial amount of 
security to the files to be secured. 

Summary of the Invention 

Accordingly, it is an object of the invention to provide a 
system and method for biometric input and comparison which 
overcomes the drawbacks of the prior art . 

It is a further object of the invention to provide an 
economically advantageous biometric input device which ensures 
increased precision is sampling biometric data. 

It is still a further object of the invention to provide a 
biometric data comparison method which controls access to 
computers or data networks. 

It is yet another object of the invention to provide a 
fingerprint comparison method which provides for accurate and 
rapid comparison of fingerprints while compensating for 
environmental and physiological factors. 

An object of the present invention is also to provide a 
biometric based access control system for use on computers which 
permits a user to graphically apply biometric access control 
features to data and applications by the use of a user manipulated 
biometric protection icon. 

Briefly stated, the present invention provides a biometric 
input device, system and method which includes a biometric inpuc 
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device having a scanning window surrounded by a ridge for ensuring 
positive positioning of a biometric sample such as a thumb. The 
biometric input device includes an optical assembly having a prism 
with a focusing lens disposed on a side thereof and optionally 
5 integrally formed therewith. A biometric comparison method is 
provided for comparing data from said biometric input device with 
data from a database using both directional image comparison and 
clusterized minutia location and direction comparison. A further 
system is provided for allowing access to computer functions base 

10 on the outcome of the comparison method. 

The present invention also provides a biometric input device 
for accepting a fingerprint of a finger tip having opposing tip 
sides and a tip end, comprising a device body having a body wall 
defining an aperture and an optical assembly for scanning the 

15 fingerprint disposed in the device body. The optical assembly has 
a scanning surface at the aperture upon which the finger tip is 
placed for scanning of the fingerprint by the optical assembly. 
A ridge surrounds a portion of a periphery of the aperture such 
that the ridge engages the opposing tip sides and tip end such as 

20 to position the fingerprint on the scanning surface and block 
ambient light. 

A further feature of the present invention includes the 
aforesaid biometric input device having a device body with a 
bottom surface opposing a substrate upon which the device body is 

25 placed, a device body length and a front portion, a middle portion 
and a heel portion. A movement detection device for detecting 
movement of the device body relative the substrate is provided and 
the bottom surface defined a bottom surface aperture through which 
the movement detection device detects movement of the device body 

30 relative the substrate. The bottom surface aperture is disposed 
in the heel portion of the device body and the optical assembly is 
disposed in the middle portion of the device body. In an 
embodiment of the present invention the movement detection device 
has a ball protruding through the bottom surface aperture for 

35 engaging the substrate to register the movement of the device body 
relative the substrate. 
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According to a feature of the invention, there is further 
provided a biometric input device for accepting a fingerprint of 
a finger tip having opposing tip sides and a tip end, comprising 
a device body having a body side wall defining an aperture, and an 
5 optical assembly for scanning the fingerprint disposed in the 
device body. The optical assembly includes an imaging component 
for converting a light image into pixel output and a lens for 
focusing the light image into the imaging component. The optical 
assembly includes a prism with first, second and third sides and 

10 a top side wherein the first side forms a scanning surface at the 
aperture upon which the finger tip is placed for scanning of the 
fingerprint by the optical assembly, the second side has the lens 
for focusing the light image into the imaging component disposed 
thereon, and the third side has a light absorbing layer. 

15 The present invention also includes the above embodiment 

wherein, in the alternative or in combination with one another, 
the lens is formed integrally with the prism and a light emitting 
device is disposed to emit light into the prism from the top side 
of the prism to illuminate the fingerprint when disposed at the 

2 0 scanning surface. 

According to a still further feature of the invention, there 
is provided a biometric comparison method comprising a series of 
steps beginning with (a) scanning in a fingerprint and digitizing 
the scanning signals to produce a matrix of print image data 

25 representing pixels. Next the method proceeds with (b) dividing 
the print image data into cells, each including a number of pixel 
data for contiguous pixels, and (c) calculating a matrix of 
directional image data DI using gradient statistics applied to the 
cells wherein the directional image data DI includes, for each of 

30 the cells, a cell position indicator and one of a cell vector 
indicative of a direction of ridge lines and an unidirectional 
flag indicative of a nondirectional calculation result. 
Processing then continues with (d) skeletonizing the print image 
data, and (e) extracting minutia from the print image data and 

35 producing a minutia data set comprised of data triplets for each 
minutia extracted, including minutia position data and minutia 
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direction data. 

Next, a comparing process is initiated by (f) providing 
reference fingerprint data from a database wherein the reference 
fingerprint data includes reference directional image data DI and 
5 a reference minutia data set, and (g) performing successive 
comparisons of the directional image data DI with the reference 
directional image data DI and determining a directional difference 
DifDI for each of the successive comparisons wherein for each of 
the successive comparisons one of the directional image data DI 

10 and the reference directional image data DI is positional shifted 
by adding position shift data. In a next step (h) it is 
determined for which of the successive comparisons the directional 
difference DifDI is the least and the position shift data thereof 
is selected as initial minutia shift data. A next stage of the 

15 comparison process proceeds with (i) positional shifting minutia 
data by applying the initial minutia shift data to one of the 
minutia data sets and the reference minutia data set to initially 
positionally shift the minutia position data and the minutia 
orientation data, then (j) performing successive comparisons of 

20 the minutia data set with the reference minutia data set following 
the positional shifting minutia data and determining matching 
minutia based on a minutia distance criteria, a number of matching 
minutia, and a similarity measure indicative of correspondence of 
the matching minutia for each of the successive comparisons 

25 wherein, for each of the successive comparisons, one of the 
minutia data set and the reference minutia data set is positional 
shifted within a minutia shift range R by adding minutia position 
shift data, and finally (k) determining a maximum similarity 
measure of the similarity measures of the successive comparisons. 

30 The comparison method concludes with (1) determining whether the 
maximum similarity measure is above a similarity threshold and 
indicating the reference fingerprint data and the fingerprint data 
are from the same fingerprint when the maximum similarity measure 
is above the similarity threshold. 

35 The present invention also includes the above method wherein, 

as an alternative, the calculation of the directional image data 
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includes (cl) identifying a directional group of cells comprising 
all cells of the cells that do not have the unidirectional flag 
associated therewith; and then excluding from the successive 
comparisons of minutia data sets, one of the minutia data sets and 
5 the reference minutia data set located in or positionally aligned 
with the cells that have the unidirectional flag associated 
therewith. 

The present invention further provides a feature for use in 
conducting the successive comparisons of minutia comprising 

10 dividing the minutia data set into the minutia data set clusters 
formed on contiguous one the cells and each including a 
predetermined number of the minutia before conducting the 
successive comparisons, conducting the successive comparisons for 
each of the minutia data set clusters and determining for each of 

15 the minutia data set clusters a maximum similarity measure, and 
finally determining the maximum similarity measure as a sum of the 
maximum similarity measures of each of the minutia data set 
clusters. 

The present invention also provides for the above comparison 

20 method excluding from further processing pairs of the minutia 
located within a minutia exclusion distance of one another and 
having minutia direction data with a direction exclusion limit of 
being in opposite directions. 

The present invention further provides a feature wherein in 

25 the above comparison method the minutia extraction step extracts 
minutia limited to ends and bifurcations. Still further there is 
provided a feature wherein the minutia data set excludes data 
distinguishing ends and bifurcations. 

Yet another feature of the present invention is a biometric 

30 comparison system comprising a computer processor assembly 
preferably having a memory including a reference fingerprint data 
and at least one of file data and application software , a display, 
an apparatus for representing at least one of the file data and 
application software as icons on the display, and a biometric 

35 input device, preferably as part of a biometric access control 
assembly for scanning a fingerprint and storing fingerprint data 
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representing the fingerprint into the memory. A comparison engine 
is provided for comparing the fingerprint data with the reference 
fingerprint data and determining a match if a similarity threshold 
is satisfied. An access control icon generator permits a user to 
5 move an access control icon on the display and an access control 
means is provided for controlling access co the at least one of 
file, be it a data file and/or an application, when a user moves 
the access control icon onto the icon representing the file, 
and/or visa versa, whereby access to the at least one file is 
10 permitted only if a user scans a fingerprint producing fingerprint 
data for which the comparison means determines matches the 
reference fingerprint data and designates the user as authorized 
user . 

The above, and other objects, features and advantages of the 
15 present invention will become apparent from the following 
description read in conjunction with the accompanying drawings, in 
which like reference numerals designate the same elements. 

Brief Description of the Drawings 
2 0 For a fuller understanding of the nature of the present 

invention, reference should be had to the following detailed 
description taken in connection with the accompanying drawings in 
which: 

Figure la is a block diagram of a system of the present 
2 5 invention; 

Figure lb is a block diagram of an alternative system of the 
present invent ion ; 

Figure 2a is a top plan simplified view of a biometric input 
device of the present invention; 
30 Figure 2b is a side elevation view of the biometric input 

device of Figures 2a showing internal components in dashed lines; 

Figure 3a is a side elevation view of the biometric input 
device of Figure 2a showing surface contours; 

Figure 3b is a bottom perspective view of the biometric input 
35 device of Figure 2a showing surface contours and dimensional 
disposition of features; 
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Figure 4 is a block schematic of the biometric input device 
of Figure 2a; 

Figure 5 is a flow chart for operation of the biometric input 
device of Figure 2a; 
5 Figure 6 is a flow chart of the comparison method of the 

present invention; 

Figure 7 is an illustration of a directional image analysis; 
Figure 8(a) is an image of the fingerprint based on data 
received from an optical scanning assembly; 
10 Figure 8(b) is an image of the fingerprint of Figure 8(a) 

following low pass filtering; 

Figure 8(c) is an image of the fingerprint of Figure 8(a) 
following directional filtering and binarization; 

Figure 8(d) is an image of the fingerprint of Figure 8(a) 
15 following skeletonization; 

Figure 9(a) is a depiction of a bifurcations- 
Figure 9(b) is a depiction of an ends- 
Figure 10 is a depiction of an analysis of two minutia 
exclusion purposes; 
20 Figure 11 is a simplified depiction of a fingerprint image 

data FP1 divided into clusters; and 

Figure 12 is a simplified depiction of the clusters of Figure 
11 applied individually shift to print image data FP2 . 

Like reference numerals refer to like parts throughout the 
2 5 several views of the drawings. 

Detailed Description of the Preferred Embodiment 

Referring to Figure 1A, a computer 50 has a keyboard 52 and 
a biometric input device 54 with a scanning window 56 for 

30 accepting biometric input. The computer 50 may take the form of 
a personal computer, a dedicated device such as an ATM machine, a 
dumb terminal, or a computer on the order of a workstation, 
minicomputer or mainframe. Optionally, the computer 50 is 
connected to a remote computer 51 via a link 53 which may be a 

35 direct link via phone lines or direct cabling, or via a network 
such as a LAN, WAN, intranet or Internet. In order to gain access 
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to use of the computer 50, or remote computer 51, for all or only 
specified functions, a user must provide a biometric input to zhe 
biometric input device 54 via the scanning window 56. Hereinafter 
the computer 50 will be referred to, however, it is understood 
5 that the remote computer 51 may optionally perform the functions 
ascribed to the computer 50 with the computer 50 functioning as a 
terminal. Likewise, reference to gaining access to use of the 
computer 50 is understood to include the alternative of access to 
use of the remote computer 51. 

10 The computer 5 0 compares biometric data, representing the 

biometric input, with stored biometric data and determines if the 
biometric data corresponds to any stored biometric data held in a 
data base. If a correspondence exists, the user is given 
authorization, that is, the user is allowed access to the computer 

15 50 for performance of the specified functions or for use of the 
computer 50 in general. 

The biometric input device 54 is connected to the computer 50 
via an input cord 72. Alternatively, depending upon the type of 
port the biometric input device 54 uses to communicate with the 

20 computer 50, an embodiment, of the present invention has a port 
adapter connector 57 connecting the input cord 72 to a 
corresponding port on the computer 50. A still further 
alternative provides an embodiment of the present invention 
wherein a stand-alone adaptor unit 58 channels daca via the input 

25 cord 72 and a cable 59 to and from the computer 50. Moreover, if 
desired, an infra red or other remote and/or wireless data 
communication structure could be provided. 

Referring to Figure IB, an alternative configuration is shown 
wherein the scanning window 56 and associated structure is 

30 incorporated in either the computer 50 or the keyboard 52. In 
such instances, the stand-alone biometric input device 54 is 
omitted and functions thereof are performed by the computer 50 or 
by circuitry incorporated in the keyboard 52. It is understood 
that functions discussed herein with respect to the biometric 

3 5 input device 54 and the computer 50 may optionally be distributed 
between the biometric input device 54 and the computer 50 as is 
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practical. 

Referring to Figures 2A and 2B, the biometric input device 54 
is shown in the form of a computer mouse 60. Alternatively, the 
biometric input device may take the form of another type of input 
5 device such as a track ball, joystick, touch pad or other variety 
of input device. The computer mouse 60 preferably includes a left 
button 62, a right button 64, a ball 66, an X direction sensor 68, 
and a Y direction sensor 70. Various means may be used to effect 
input from these devices including mechanical, optical or other. 

10 For example, optical means may be substituted for the ball 66 to 
detect mouse movement. The input cord 72 connects to the computer 
50 for effecting data transfer. Optionally, the input cord 72 is 
replaced by wireless means for effecting data transfer which 
operate using optical or electromagnetic transmission. 

15 The present invention further includes an optical assembly 

80. The optical assembly 80 preferably includes a prism 82, a 
first lens 84, a mirror 86, a CCD assembly 88, and LED * s 89. In 
particular, the prism 82 has first, second and third sides, 90, 92 
and 94, respectively. The first side 90 generally defines the 

20 surface of the scanning window 56. Moreover, a coating (s) or a 
transparent plate may optionally be used to protect the first side 
90. The second side 92 preferably includes the first lens 84 
disposed thereon or formed integrally with the prism 82. 
Preferably, the prism 82. is molded integrally with the first lens 

25 84 which provides for reducing part count and simplifying the 
assembly of the biometric input device 54 . The third side 94 
includes a light absorbing coating 96. 

The CCD assembly 88 includes a CCD sensor 102 and a second 
lens 104 which functions as an object lens. The first and second 

30 lenses 84 and 104 preferably function in conjunction with the 
mirror 86, as shown by light ray tracings, to focus an image at 
the first surface 90 onto the CCD sensor 102. Various other lens 
assemblies and configurations may optionally be realized by those 
of ordinary skill in the art and are considered to be within the 

35 scope and spirit of the present invention. 

In order to input biometric data, a user holds the computer 
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mouse 60 with the index, middle or third finger preferably 
extended to operate the left and right buttons, 62 and 64, and 
with the thumb contacting the scanning window 56 to permit an 
image of a thumb print to be focussed onto the CCD sensor 102. 
5 The user then operates any of the left and right buttons, 62 or 
64, or other input device, to initiate scanning of the thumb 
print. Alternatively, scanning may be automatically initiated by 
circuitry in the biometric input device 54 or the computer 50. 

The structural configuration of an illustrated embodiment of 

10 the computer mouse 60 is detailed below, wherein a front portion 
109 of the computer mouse 60 generally refers to an end portion of 
the computer mouse 60 from where the input cord 72 preferably 
extends and where the left and right buttons, 62 and 64, are 
situated, a heel portion 110 which comprises a rear end portion 

15 where a user's palm typically rests, and a middle portion 111 
which is an area where the balls of the user's hand typically are 
situated. The front portion 109, the heel portion 110, and the 
middle portion 111 are situated to define three sections of a 
length L of the computer mouse 60 extending from a front end of 

20 the end portion 109 to a rear end of the heel portion 110. 

The scanning window 56 is preferably situated generally on a 
side of the middle portion 111 and preferably has a ridge 120 
framing at least three sides of the scanning window 56. The ridge 
120 is configured to accept a perimeter of a user's thumb, thereby 

25 defining a scanning position of the user's thumb in the scanning 
window 56. Furthermore, the ridge 120 serves to shield the 
scanning window 56 from ambient light during the scanning process 
and also to protect the scanning window 56 from damage. 

The ball 66 is preferably disposed with a center thereof 

30 within the heel portion 110 of the computer mouse 60. Such 
disposition of the ball 66 provides advantageous situation of the 
ball 66 under the palm of the user's hand so that pressure from 
the palm during operation ensures positive contact of the ball 66 
with a substrate upon which the computer mouse 60 is used. The 

35 ball 66 is optionally disposed rearward of a mid-position in the 
computer mouse 60 wherein the mid-position is a middle of the 
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length L of the computer mouse 60. In conventional configurations 
the ball 66 is situated either in the middle portion, forward of 
the mid-position in the computer mouse, or in the front portion. 
Such a construction is prone to intermittent contact of the ball 
5 with the substrate due to the user applying excessive downward 
force to the heel portion of the mouse resulting in the front and 
middle portions rising from the substrate. 

A circuit board 14 0 contains circuitry for effecting scanning 
operation of the optical assembly 80. As an alternative to the 

10 optical assembly 80, a contact detection assembly may be realized 
wherein the scanning window 56 takes the form of a silicon contact 
sensor. In either configuration, a thumb print of the user is 
represented by data of an array of pixels. The LED 1 s 8 9 are 
mounted on the circuit board 140 in a position above a top surface 

15 of the prism 82 to radiate light into the prism 82 for scanning 
the thumb print. The embodiment shown has two LED 1 s , but it is 
realized a single LED may be used or alternative light generating 
devices may be substituted therefor. Furthermore, although the 
embodiment shown provides the LED's 89 mounted on the circuit 

20 board 140, the LED 1 s 89 may alternatively be mounted on the prism 
82 or molded into the prism 82, at the top side, in the same 
operation wherein the first lens 84 is molded integrally with the 
prism 82 . 

Referring to Figures 3A and 3B, perspective depictions of the 
25 computer mouse 60 illustrate the length L of the computer mouse 
60, the disposition of the ball 66 and the structure of the ridge 
120. The ridge 120 has an outer surface 122 extending outwardly 
from a side surface 126 of the computer mouse 60 and an inner 
surface 124 extending from a peak of the ridge structure to the 
30 scanning surface 56. The ridge 120 is raised from the side 
surface 126 preferably on at least three sides of the scanning 
window 56, that is, front, top and bottom sides. On a fourth or 
rear side, a rise of the ridge 120 from the side surface 126 is 
optionally omitted to permit ease of insertion of the thumb 
35 against the scanning window 56. The location of the ridge 120 on 
the three sides of the scanning window 56 ensures positive 
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location of the thumb for scanning purposes to minimize scan to 
scan variations in positioning of the thumb print thereby 
facilitating thumb print comparisons. The center of the ball 66 
is shown rearward of the mid-position, the middle portion 111 
5 which includes the middle section of the computer mouse 60, and 
the three quarter length position. The outer surface 122 is 
concave but may optionally be flat or convex. Likewise, the inner 
surface 124 is concave but may optionally be flat or convex. 
Furthermore, the outer surface 122 may be omitted with the inner 

10 surface 124 serving alone to position the thumb wherein the inner 
surface 124 defines a recess in the side surface 126. However, 
the rising of the outer surface 122 from the side surface 124 
provides for the side surface 12 6 protruding less outwardly from 
a mouse body centerline CLl of the computer mouse 60, shown in 

15 Figure 2a, thereby providing for a functionally less cumbersome 
device . 

Referring again to Figure 2a, a surface of the scanning 
window 56 is preferably inclined with respect to the mouse body 
centerline CLl to define an acute angle with respect thereto in 

20 the range of 5° to 25°, and preferably in the range of 10° to 20°. 
A front edge of the scanning surface 56 is recessed inwardly 
toward the mouse body centerline CLl from a position of the side 
wall 126 relative to the mouse body centerline CLl. Such 
positioning provides for an ergonomical ly advantageous positioning 

25 of the thumb when the computer mouse 60 is held. In one 
embodiment of the invention the scanning window 56 has a length of 
about 30mm and a width of about 18mm. 

Referring again to Figure 2b, the scanning window 56 is 
inclined in the vertical plane with respect to the substrate upon 

30 which the computer mouse 60 rests such that a longitudinal center 
line CL2 of the scanning surface defines an acute angle with 
respect to the substrate in the range of 0° to 25°, and preferably 
in the range of 5° to 15°. Such positioning provides for a further 
ergonomically advantageous positioning of the thumb when the 

35 computer mouse 60 is held. 

The prism 82 is a right angle prism with a forward acute 
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angle in the range of 40o to 60o and preferably in the range of 450 
to 55o. The mirror 86 serves to redirect light to the CCD 
assembly 8 8 thereby providing for a compact arrangement of the 
optical assembly 80. In one embodiment the forward angle is about 
5 50o. 

Referring to Figure 4, an embodiment of circuitry provided on 
board 140 is shown. A microcontroller 150 is preferably 
interfaced with a CCD controller 152, a ROM 154, a RAM 156, and an 
A/D converter 158. Output from the CCD sensor 102 is input to the 

10 A/D converter 158 where it is digitized. The CCD controller 152 
effects scanning of the CCD sensor 102 to transfer sensed levels 
of the pixels of the CCD sensor 102. The microcontroller 150 
further controls the intensity of light produced by the LED 89. 
An interface controller 160 is interfaced with the microcontroller 

15 150 to effect communication with a serial port of the computer 50. 
Other interfaces may be. employed permitting data communication 
with the computer 50. Furthermore, the microcontroller 150 may 
optionally receive mouse input from the left and right mouse 
buttons, 62 and 64, and the x and y sensors, 68 and 70, and 

20 transmit the mouse input to the computer 50 to effect combined 
functions of thumb print scanning and mouse control. 

The microcontroller 150 is optionally in the form of a 
programmable logic device (PLD) . One such device is the FLEX10K 
from Altera. The microcontroller 150 controls the CCD controller 

25 152, determines a size and position of a frame, records image data 
of the frame into the RAM 156, and supports communication protocol 
with the interface controller 160, such as the RS-232 interface, 
the PS-2 interface, or the USB interface. 

The ROM 154 stores program codes for the microcontroller 150 

30 and may be programmed to effect operations over various 
interfaces. While discrete IC's are shown, it is realized that 
the functions of the IC's may be integrated in a single IC. The 
CCD controller 152 effects reading of successive pixels and lines 
of the CCD sensor 102. A matrix of data from the pixel array of 

35 the CCD sensor 102 forms the frame and is stored in the RAM 156. 
The frame consists of data representative of the thumb print image 
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and preferably excludes data from pixels not representative of the 
thumb print image. Thus, the frame represents a subset of data 
from a complete scanning of the CCD sensor 102. Accordingly, the 
amount of data to be processed and sent to the computer 50 is 
5 optionally reduced from that of an entire scan of the CCD sensor 
102 . 

In an embodiment of the invention, the interface controller 
160 may be incorporated into an interface unit 162 for connecting 
the input cord 72 to the computer to permit operation over various 

10 interfaces by substitution of the interface unit 162 having the 
desired interface controller 160. The interface unit 162 may be 
in a separate housing connectable to a desired input port, as 
shown in Figure la as the stand-alone adapter unit 58, or a 
connector housing itself as' show in Figure la as the port adapter 

15 connector 57. Implementation of the interface unit 162 is 
dictated by the type of port to be interfaced. 

A parallel printer port interface (LPT), that is, a PS2 port 
interface, may be effected using a microcontroller and a PLD, for 
example, a ZILOG Corp. Z86E02 in conjunction with a FLEX8K PLD 

20 from Altera Corp. In such instance the interface connector 162 is 
a separate housing which is connected to the computer's printer 
port with a cable and has a connector for the input cord 72 and 
for a parallel printer cable through which a printer may be 
interfaced to the computer 50. Power is supplied to the interface 

25 connector 162 and the computer mouse 60 via the PS2 port from the. 
computer 50. Data exchange for the computer mouse's 50 usual 
mouse input, that is, input from the left and right buttons, 62 
and 64, and the x and y sensors, 6 9 and 70, is preferably effected 
using standard protocol for PS2 mouse interface and the PLD based 

30 on output from the microcontroller 150 of the computer mouse 60. 

A full speed USB interface at 12 MBaud may be effected using 
a processor in the interface unit 162, such as an Intel Corp. 930, 
which has in built USB functions. In such an instance the 
interface unit 162 is optionally a separate housing in the form of 

35 a stand-alone adapter unit 58 which is connected to the computer's 
USB port with a cable 59, as shown in Figure la, and has a 
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connector for the input cord 72. Power is supplied from the 
computer 50 for the interface unit 162 and the computer mouse 60 
via the USB port . 

A serial port interface, that is, a COM port interface, 
5 functioning at 115.2 KB may be effected using a processor in the 
interface unit 162, such as an Atmel AT29C2051, and an RS232 
voltage converter. In such an instance the interface unit 162 is 
optionally incorporated in a connector for connecting the input 
cord 72 to the computer's 50 serial port. Power is supplied from 

10 the computer 50 via a further connector and is processed by the 
voltage converter to drive the computer mouse 50. 

Referring to Figure 5, a flow chart is shown of operation of 
the computer mouse 60. Operation begins at a start point 200 and 
proceeds to decision step 205 to determine whether a read print 

15 command is received from the computer 50, referred to as "PC" in 
the flow chart, to read in a thumb print. If a "read print" 
command is received, the LED 8 9 is lit to a maximum level in step 
210. Next, in step 215, data from the CCD sensor 102 is read. 
Following reading CCD data, a decision step 220 is executed to 

20 determine whether a finger is detected. When a finger is detected 
operation proceeds to a decision step 225 to determine whether the 
light level is acceptable, and if it is not the level is adjusted 
and operation returns to step 215. If the light level is 
acceptable, operation proceeds to transmission step 230 wherein a 

25 message is sent to the computer 50 indicating that print data is 
to be sent. In another transmission step 23 5 a line of print data 
from the CCD sensor 102 is sent to the computer 50. 

Operation then proceeds to a decision step 240 wherein it is 
determined whether the end of the image data has been sent to the 

30 computer 50. If transmission of the image data is not complete, 
a check is made in a status verification step 245 to see whether 
there is any mouse input, such as data from any of the left button 
62, right button 64, X sensor 68, or Y sensor 70 input by the user 
and, if such data has been input, it is sent to the computer 50 in 

35 a transmission step 250. Operation returns to the transmission 
step 23 5 wherein a next line of CCD daca is sent to the computer 
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50 after the mouse input is sent to the computer 60 or if no mouse 
input is detected. If it is determined in the decision step 240 
that transmission of image data is complete, operation returns to 
the beginning of the flow chart below the start step 200. 
5 In step 205, if no read print command is received, operation 

proceeds to a status verification step 255 to see whether any 
mouse input has been inputted by the user and, if such data has 
been inputted, it is sent to the computer 50 in transmission step 
260. 

10 Once a complete set of image, or print data, is sent to the 

computer 50, the computer 50 then proceeds to process the data. 
In the present description, image data is also referred to as 
print data in reference to the input of a thumb print. However, 
it is realized that other types of biometric input may be used and 

15 that the present invention may optionally used to process such 
other data. Examples of such other data include a print image of 
any of the other digits or images of other unique biometric data 
such as retinal images. Thus, such applications are considered to 
be within the scope and spirit of the present invention. Indeed, 

2 0 the entire operation of the present invention can be contained 
within the mouse itself, with only an authorization and/or 
restriction command being passed on to the computer itself. 

After the thumb print image is scanned in and the image data 
thereof transferred to the computer 50, the image data is then 

25 processed and added to a database of print image data or used to 
gain access to use of the computer 50 by comparison to previously 
stored print image data in the database. Hereinafter, using image 
data to gain access is referred to as an authorization process 
while entering print image data into the database is referred to 

30 as a registration process. 

Finger print image analysis may effect comparison of images. 
Alternatively, the present invention further provides an analysis 
algorithm that effects comparison of special point maps which 
indicate where special points, also known as minutia, of a 

35 fingerprint are located. The fingerprint analysis algorithm 
considers a fingerprint not as a determined object but as a 
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stochastic object. There is a philosophical analogy, like the 
Laplas's determinism and the stochastic picture of the world. 
Another analogy is that the first practically significant results 
in speech recognition appeared as soon as the first stochastic 
5 models of human's speech had appeared. A discussion of standard 
approaches is found in the paper A real-time matching system for 
large fingerprint databases, N.K. Ratha, K. Karu, S. Chen, and 
A.K. Jain, IEEE Trans, on PAMI, Aug. 1996, vol. 18, no. 8, pp. 
799-813, which is incorporated herein by reference for its 

10 teaching relating to fingerprint analysis and modeling. 

Factors that randomize print image data include elasticity of 
skin, humidity, level of impurity, skin temperature, individual 
characteristics of the user's finger-touch, among many other 
factors. The basic generation of a special points map optionally 

15 includes multiple finger touches of the same finger, that is, a 
user's thumb print is optionally scanned multiple times. Each 
image data from each scanning is referred to herein as a 
"standard." The greater the number standards of a user stored in 
the database, the higher the reliability of the recognition is. 

20 The shorter the process of studying multiple standards, the less 
the reliability of recognition is. 

Applicants have conducted experiments showing that the 
reliability of recognition and the quantity of the standards 
exhibit the following relationship: 



25 Quantity of Standards Reliability 

1 89% 

3 92% 

5 95% 

7 98% 

30 12 99.5% 

20 99.9% 



The term "reliability," as used above, relates a probability of 
recognizing a registered user, that is, matching a user's thumb 
print data with thumb print data in the data base after one touch. 
35 Referring to Figure 6, a flow chart of a fingerprint 

analyzing algorithm of the present invention is shown. The 
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algorithm is described below wherein the following definitions 
apply: 

VARIABLE DEFINITION 

5 Xn(i), Yn(i), An(i) i-th minutia description wherein 

Xn is an x coordinate of the i-th 
minutia, Yn is an x coordinate of 
the i-th minutia, and An is an 
angle of the i-th minutia 

10 



30 



FP 


fingerprint 


N 


number of minutia of fingerprint 
after extraction 


FPn 


n-th fingerprint 


MID 


mean inter-ridge distance 


DI 


directional image 


Xmas , Ymax 


linear sizes of an input image 


Fx, Fy 


linear sizes (numbers of cells) in 
directional image, 


Fstepx - Ymax/Fy 


linear sizes of cells onto which 
the initial image is distributed 
to get directional image 


Fn (i,j) 


directional image for n-th 
fingerprint 



Pi 

35 



discrete upper bound for 180 
degrees 
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UnDir (>Pi) 

5 
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number of cells of directional 
image that are not UnDir 

mask value to detect the absence 
of FP in a current cell, for n-th 
FP 



In imaging step 300, the user's thumb print is scanned by the CCD 
sensor 102 and then digitized at step 305, wherein analog levels 

10 for each pixel of the CCD sensor 102 are digitized to form one 
byte per pixel. Although depicted as separate operations, it is 
understood from the schematic of Figure 4 that the analog levels 
of the pixels are successively digitized by the A/D converter 158 
and stored in the RAM 156. Next, a sequence of filtering and 

15 contrasting transformations is executed on the initial matrix of 
intensity data. The aim is to get the more "stable" image of the 
fingerprint (while touching) . 

Following storage in the RAM 158, the print image data FP is 
optionally transferred to the computer 50 as indicated in Figure 

20 5. However, in an alternative embodiment of the invention the 
filtering and contrasting transformations may be executed by the 
microcontroller 150 in the computer mouse 60. 

The matrix of intensity data from the CCD sensor 102, that 
is, the print image data FP, includes the fingerprint and 

25 surrounding "garbage". In an optional process a border between 
the print image and the "garbage" is defined and the "garbage" is 
excluded so that only the internal part of the print image, that 
is the portion which includes ridge lines, takes part in the 
further analysis. 

30 After the print image data FP is acquired, preprocessing of 

the print image data FP is carried out beginning with a scale 
normalization step 310 in which the scale of the print image data 
FP is normalized using standard routines. After the scale 
normalization step 310 the print image data FP is then used to 

35 calculate directional image data DI using gradient statistics in 
directional calculation step 315, wherein the print image is 
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divided into cells having a size defined by Fx and Fy. Referring 
to Figure 7, the print image data FP is divided into cells as 
shown by a grid superimposed on the print image and a vector 
normal to the direction of ridge lines in each cell is calculated. 
5 These vectors form the directional image data DI . Thus, an array 
of directional image data F(i,j) is generated where i and j denote 
the cell and the value of F(i,j) is between 0 and Pi for 
directional cells or is set to UnDir for cells wherein a 
directional gradient cannot be determined such as for isolated 

10 pixels or pixel groups lacking directionality. The directional 
image data DI is then subjected to a smoothing process and its 
quality factor Q is determined in a smoothing and quality 
processing step 320. The smoothing process includes first 
applying a low-pass filter and then a low-cut filter, after which 

15 a directional smoothing along the directions defined for each cell 
is effected. Scale normalization, low-pass filtering, low-cut 
filtering directional image calculation and smoothing are 
processes that are realizable by those of ordinary skill in the 
art. Accordingly, detailed discussions thereof are omitted. 

20 The quality Q of a print image data FP is then calculated by 

determining a ratio of cells that remain substantially unchanged 
following the smoothing and quality processing step 320 to the 
total number of cells. This ratio is then squared and multiplied 
by the area of the print image data FP divided by the area of the 

25 entire scanned image. Thus, both the quality of the print image 
data FP and absence of image data corresponding to a fingerprint 
are taken into consideration. Quality decision step 325 is then 
executed to determine whether the quality Q of the print image FP 
is above a given quality threshold. When the quality Q is below 

30 the given quality threshold, the process returns to the imaging 
step 300 for input of new data. This is because it is determined 
chat the quality of the fingerprint is insufficient to base 
matching upon. If the quality is above the given threshold, 
processing proceeds a binarization step 330. 

35 In the binarization step 330, the image data FP shown in 

Figure 8(a) is subjected to preliminary binarization using 
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subtraction of low-pass filtering resulting in the image data FP 
producing the image shown in Figure 8(b), followed by directional 
filtering and binarization resulting in the image of Figure 8(c). 
Processing continues with execution of a skeletonization step 335 
5 wherein the image data FP is subjected to a thinning and 
skeletonization processing wherein all ridge lines are reduced to 
a width of one pixel which results in the image shown in Figure 
8(d). In this stage visible ridge lines, that are some pixels in 
width are being changed to lines one pixel in width. The values 

10 on the ridge lines are 1 and for all other areas the values are 0. 
Now the matrix consists of only two values. Detailed discussions 
of the filtering and skeletonization processes are omitted as such 
are realizable by those of ordinary skill in the art given the 
present disclosure . 

15 A minutia extraction step 340 is next executed upon the image 

data FP that has been skeletonized. Fingerprints are 

characterized by various minutia which are particular patterns of 
the ridges. Two basic types of minutia are a bifurcation 4 00, or 
branch, shown in Figure 9(a), wherein a ridge line 402 divides 

20 into two ridge lines, 403 and 405, and an end 410, shown in Figure 
9(b), wherein a ridge line 412 ends. Each minutia is 
characterized as a vector represented by a minutia data triplet X, 
Y, and A wherein X and Y represent the location of the minutia and 
A is an angle of a vector of the directionallization of the 

25 minutia as shown in Figures 9(a) and 9(b). 

In a preferred embodiment of the present invention, 
distinction between end minutia 410 and bifurcation minutia 400 is 
not made. It is found that exclusion of such distinction results 
in reduction of data, reduced processing needs and time, while 

30 still providing acceptable reliability of fingerprint comparison. 
Alternatively, distinction may be made with associated increase in 
processing. 

The minutia extraction step 340 further proceeds with 
exclusion of minutia that are too closely located. Referring to 
35 Figure 10, two end minutia at (xl, yl) and (x2, y2) , respectively, 
and represented by vectors (pl,ql) and (p2,q2), respectively, are 
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shown. First, determination is made as to whether the twc minutia 
are within a threshold distance. This threshold distance is 
optionally a distance r used to determine matching minutia and 
discussed below, a fixed distance, or another distance based on 
5 mean ridge line separation distance. When two minutia are within 
the given threshold distance, a determination is made whether the 
angle between the two vectors (pl,ql) and (p2,q2) is within a 
given threshold of 180o and the angle between (p2,q2) and (x2-xl, 
y2-yl) is within a given threshold of 0. If two minutia satisfy 

10 the aforesaid criteria they are excluded because they are too 
close and aligned in a nearly straight line. As a result of the 
minutia extraction process, the print image FP is now represented 
by a data set defined as FP={Q, N, F(i,j), X(k), Y{k), A(k) } 
wherein N is the total number of minutia for the fingerprint FP, 

15 and X(k) , Y(K) and A(k) are the data triplet representing the k-th 
minutia. The minutia extraction is advantageous in reducing the 
amount of data to be processed and thereby reducing the processing 
time and requirements. 

Processing next proceeds to a matching process step 345 

2 0 wherein the print image data FP is compared to image data in the 
database. FP1 now refers to the image data of the input 
fingerprint and FP2 refers to print image data of a fingerprint 
retrieved from the database in database retrieval step 347. 
Likewise in this description, other variables are appended with 1 

25 or 2 to represent the respective fingerprint. 

It is necessary to find the best alignment of the directional 
images DI1 and DI2 of Fl(i,j) and F2(i,j). Data Fl(fa, fdx, fdy) 
(i,j) is now calculated wherein rotation by angle fa and shift by 
distance fx and fy is effected in an orthogonal transformation of 

30 Fl(i,j). After the transformation of Fl, a comparison of Fl.(fa, 
fdx, fdy) (i,j) with F2(i,j) is then made wherein differences in 
orientations of corresponding cells of the directional images Dl 
and D2 is calculated as Dif DI . DifDI is calculated as the sum of 
all angular differences between corresponding cells. The values 

35 of fa, fdx, fdy iteratively varied and for each permutation 
thereof the transformation of Fl(fa, fdx, fdy) (i,j) is made and 
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compared with F2(i,j) to find a DifDI for each set of fa, fdx, fdy 
values. A set of fa, fdx, fdy values is then chosen for which 
DifDI is minimal. The chosen set of fa, fdx, fdy represent the 
best shifting parameters for shifting the directional image Dl to 
5 effect the best matching directional alignment of Dl and D2 . 
Subsequent alignment of minutia for matching purposes used the 
chosen set of fa, fdx, fdy as a starting point for adjustments. 
Additionally, BI is determined as the number of cells (i,j) of 
either Dl or D2 that are not UnDir. 

10 A directional difference decision step 350 is next executed 

wherein the minimal DifDI for the chosen set of fa, fdx fdy is 
compared against a threshold DifDI-, which may be a set threshold 
or threshold based on BI . If DifDI exceeds the threshold DifDI w , 
then it is determined that the correspondence level, or matching 

15 level, between the directional images is insufficient to warrant 
further comparison of FP1 and FP2 and a different fingerprint 
image data is chosen for FP2 and processing returns to the 
beginning of the matching process step 345. If DifDI is less than 
the threshold, operation proceeds to similarity measure 

20 calculation step 355. 

Next, the chosen set of fa, fdx, fdy for orthogonal 
transformation is applied as (dfx*Fstepx, dfy*Fstepy and fa) to 
the minutia data triplets XI (k) , Yl (k) , and Al (k) of FPl r where k 
represents a k-th minutia. The transformed minutia data triplets 

2 5 of print image data FP1 are then grouped into clusters each 
containing not less than a given number of minutia, preferably 
seven. Referring to Figure 11(a), FP1 is illustrated as being 
divided in four clusters CS1, CS2, CS3, and CS4 , which each 
. contain the given number of minutia (not shown) . Figure 11(a) is 

30 a simplified depiction of the process in that the clusters do not 
necessarily cover square regions of the print image and the number 
of clusters is not limited to four. The clusters may be thought 
of a regional groupings of minutia. 

Referring now to Figure 11(b), for each of the clusters CS1, 

35 CS2, CS3, and CS4 on a cluster by cluster basis, XI (k), Yl (k) of 
the minutia of the given cluster are all iteratively shifted in x 
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and y directions by values dr, wherein dr is varied within a range 
R, such that abs (dr) < R, and a comparison of the shifted XI (k) , 
Yl(k), Al (JO is made against all minutia in a BI grouping of FP2 
for each set of dr set values to identify minutia of FP1 matching 
5 those of FP2. A pair of minutia are considered matched when a 
distance between them is less than a threshold r discussed below. 
.The BI grouping of FP2 is the group of cells in FP2 that are not 
UnDir. For each shift of a cluster, a similarity measure Smt is 
taken, which is the sum of the following term for each set of 
10 matched minutia in the cluster: 

d 

m(xl,yl;x2,y2)=a f exp(- z/2)dz + 6, 

Jo 6 

15 where 



d= (xl-x2) 2 + (yl-y2) 2 

and a, 6 and 0 are empirical values. In an embodiment of the 
20 invention, a is 150, 5 is set equal to Rl, where Rl equals 30, and 
R2, where R2, equals 20, Rl and R2 being discussed below, and O is 
set equal to 4. These values are exemplary and alterable without 
departing from the scope and spirit of the present invention. For 
each cluster, the set of dr values yielding the greatest 
25 similarity measure Smt is selected and the total sum of the 
greatest similarity measure of each cluster is taken to find a 
similarity measure Smt(FPl, FP2) for the comparison of FP2 to 
FP2) . 

As noted above, comparison of fingerprints is often hampered 
30 by various environmental and physiological factors. The division 
of FP1 into clusters provides compensation in part for such 
factors as stretching and shrinking of the skin. For a given 
cluster, the total distance difference due to stretching or 
shrinkage between two minutia is limited due to the limited size 
35 of the cluster area. Thus, adverse effects of shrinking and 
stretching are minimized. Accordingly, individual cluster 
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shifting and comparison are a preferred embodiment of the present 
invention. Alternatively, division of FP1 into clusters may be 
omitted and shifting and comparison of FP1 as a whole effected. 

The maximum similarity measure Smt(FPl, FP2) is generated for 
5 the best comparisons of all clusters of FP1 with FP2 , along with 
a number Nmat of matched minutia, and a number Ntot which is the 
total number of minutia within the BI grouping of FP1 . An overall 
similarity measure for the comparison of FP1 with FP2 is 
calculated as follows: 
10 Nmt (R, r , BI , Ntot ) =Smt (FP1 , FP2 ) - DifDI 

where Smt(FPl, FP2) is a sum of the best Smt of each cluster. 
Thus, this takes into account the maximal number of matched 
minutia, DifDI and statistical peculiarities of distances 
distribution. 

15 Processing then proceeds to similarity decision step 360 

wherein Nmt(R, r, BI, Ntot) is compared with a threshold Thr(R, r, 
BI, Ntot). If Nmt (R, r, BI , Ntot) is greater than the threshold 
Thr(R, r, BI, Ntot), it is determined the FP1 matches FP2 and a 
match is indicated in match indication step 365. If Nmt(R, r, BI, 

20 Ntot) is less than or equal to the threshold Thr(R, r, BI, Ntot) 
it is determined the FP1 does not match FP2 and execution proceeds 
to the data base retrieval step 347 for the selection of another 
set of print data from the database for use as FP2 in the process 
which returns to the matching process step 345. Indication of a 

25 match is then used to permit access to the computer 50 in general 
or specific functions thereof. 

In a preferred embodiment of the invention, the threshold Thr 
(R, r, BI, Ntot) is determined on the basis of threshold training 
using a sample pool of fingerprints from a number of individuals. 

30 The sample pool is composed of a number of samples, or standards, 
from each individual in the pool. The number of samples, from 
each individual in the pool . The number of samples from each 
individual in one example is 4 and the number of individuals is in 
a range of 100 to 1000. The number of samples and individuals may 

35 be varied from the exemplary values and range without departing 
from the scope and spirit of the present invention. The process 



10 
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steps 305 through 355 of Figure 6 are then executed for each print 
with every print being compared to every other print. Since the 
sample pool is known, comparisons of prints from a same individual 
and comparisons of prints from different individuals are known. 

In performing the threshold training, n number of variations 
of R and r are used and are shown below as Rl, R2 and rl, r2 for 
an example where n=2. For example, values are set such that Rl < 
R2 and rl < r2 where R1=2*MID, rl=MID, R2=3.'5-4 MID, and r2=2*MID. 
MID is the mean inter-ridge distance of the prints in the sample 
pool. The following values are found: 

NmtS(Rl,rl,BI,Ntot) f NmtA (Rl , rl , BI , Ntot ) , and 
NmtS(R2,r2,BI,Ntot) , NmtA (R2 , r2 , BI , Ntot) , 
where NmtS is number of matched minutia for prints compared from 
the same individual while NmtA is the number of matching minutia 
15 resulting from the comparison of fingerprints from different 
individuals . 

For a given BI,Ntot (within subrange of appropriate 
quantization), BestA (n, BI , Nmat ) is set to the max 
NmtA (Rn,rn,BI, Ntot) , of all the comparisons of fingerprints from 
20 different individuals, and MinNmtS (Rn, rn,BI,Ntot) is set to the 
minimum NmtS (Rn, rn, BI , Ntot) of all comparisons of fingerprints 
from the same individual for n=l,2, etc. The threshold are then 
calculated as follows: 

25 Thr (n,BI,Nmat) = (BestA(n, . . . ) =MinNmtS (Rn, rn, . .) , 

where 

NmtS (Rn, . .'. ) >BestA(Rn, . . . ) /2 . 

In conjunction with the above discussion of threshold 
30 calculations, the similarity decision step 360 produces a positive 
match indication if for the current BI, Ntot: 

Nmt (Rl,rl,BI, Ntot) >Thr(l,BI, Ntot) , or 
Nmt (R2,r2,BI,Ntot) >Thr (2 , BI , Ntot ) . 
If this condition is not found, then the dichotomy analysis gives 
35 some correction. The results of identical and not identical 
matchings is considered as two classes of patterns and the pairs 
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of values Nmt (Rl , rl , . . . ) , Nmt(R2,r2 ) as feature coordinates. 

The dichotomies are performed by the second order threshold 
functions which are calculated according to chapter 2.3. in the 
classical book by J.Tu and R. Gonzalez "Pattern Recognition 
5 Principles" Addison-Wesley Publ . 1974, which is incorporated 
herein by reference for its relevant dichotomy teachings. 

The complete description to be stored in the database is a 
multilevel structure of 4 (or more) FP data sets taken from the 
different applications of the same FP. Each level of the 
10 structure corresponds to minutia appearance frequencies for all FP 
codes . 

Optionally, instead of using thresholds for the similarity 
comparison as discussed above, fixed values may be chosen and used 
as threshold values. 

15 The data base of fingerprints of individuals for whom 

identification is required is created by a registration process. 
The registration process entails a given individual having their 
fingerprints scanned a number of times, for example four. Of the 
four scans, the scanning producing the greatest number of minutia 

20 is then selected for the database. 

The present invention further includes use of the above 
fingerprint minutia extraction and comparison process in 
conjunction with a cryptographic protection process. For this 
aspect of the invention, the computer 50, also referred to as the 

25 client, will send fingerprint data to the remote computer 51, also 
referred to as the server, over the link 53 which may be, for 
example, a link over the Internet. Thus, security protection for 
data sent over the link 53 is required. 

There are three different cryptographic procedures used in 

30 the cryptographic process. As they are not used simultaneously, 
they are described below separately. All cryptographic parts are 
written in italic font. The cryptographic method employed is RSA 
encryption. 

I. User registration 

35 In order to use the cryptographic process, the user must 

first register his fingerprint with the server. In order to 



WO 00/70545 PCT/US00/13325 

29 

J 

maintain security, the fingerprint data must be encrypted to 
prevent unauthorized interception thereof. The following steps 
are used: 

1. User fills in a registration form including a 
5 UserlD. Other information such as Name, E-mail 

address, etc. may be included. 

2. User scans his fingerprint into the computer 50 via 
the biometric input device where it is stored as 
image data. The image data is typically on the 

10 order of 64 KB. 

3 . The computer 50 then converts the image data of the 
finger to the data set defined as FP={Q, N, F(i, j) , 
X(k) , Y(k) , A(k) using processing steps 310 through 
340 shown in Figure 6. This data set is also 

15 referred to herein as a passport. Optionally, 

components of the data set may be omitted, such as 
F(i,j), so the passport may be shortened to about 
1.2 KB. 

4. The client, computer 50, then sends a request for 
20 the public key to the server via the link 53. 

5. Server sends its public key K L via the link 53. 

6. Client encrypts its passport and his UserlD using 
RSA algorithm and public key K r . In a preferred 
embodiment the length of the key is 512 bits: 

2 5 C = RSA. Encode Public (K - , passport, UserlD) 

7. The computer 50 sends C to the remote computer 51 
via the link 53. 

8. The remote computer 51 decrypts message using its 
secret key K L .: 

3 o M = Passport + UserlD = RSA. Encode Secret (K ru C) 

9. The remote computer 51 then adds the UserlD and 
passport to the database. 

II. User authorization 
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The user authorization process is used where a user wishes to 
gain access to the remote computer on the basis of his finger 
print matching one in the database. 

1. User scans his fingerprint image data into the 
5 computer 50. 

2. The computer converts the image of the finger to 
the passport using processing steps 310 through 340 
shown in Figure 6 . 

3. The computer 50 sends a request over the link 53 to 
10 the remote computer 51, the server, for the public 

key to the server. 

4. The remote computer 51 sends its public key K r to 
the computer 50. 

5. The computer 50 encrypts the passport and UserlD 
15 using RSA algorithm using the public key K E : 

C = RSA EncodePublic (K.,. passport, UserlD) 

6. The computer 50 sends C to the remote computer 51 
via the link 53. 

7. The remote computer 51 decrypts message using its 
2 0 secret key K D : 

M = passport + UserlD = RSA EncodeSecret (K -..C) 

9. The remote computer 51 then searches the database 
for the UserlD, finds the corresponding passport, 
and executes steps 345 through 365 of Figure 6 

25 using the passport retrieved from the database as 

FP2. Optionally, step 350 is omitted. If the 
comparison of step 360 is positive, access is 
authorized. If the UserlD does not exist or the 
comparison result of step 360 negative, 

30 authorization for access is refused. 

III. Installation of the server and addition of new users is 
effected by the following steps: 



35 



1. Installation of normal Web-server components. 
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2 . Generation of the pub lic and secret keys for the 
administrator of the server? first of all random 
integer is generated, possibly based on 
administrator's fingerprint, which is part random, 
then the deterministic algorithm is started to 
determine public and secret keys. 

3. When the new user is being registered, server takes 

^ ts UserlD and pas sport and encrypts them with 

administrator ' s public key . 



Usage of two different keys makes it more difficult to 
corrupt fingerprint data since an intruder must obtain both public 
and private keys to complete his attack. Different servers will 
have different keys to ensure that corrupted fingerprint data 

15 (i.e. stolen from some server) could not be used on other servers. 

The 512 -bits RSA keys are extremely difficult to crack. In 
fact, the keys of that length are not known to have been broken, 
so current cryptography declares them as keys for long-term secret 
information (30-50 years or longer) . Average time of encryption 

20 of passport (client side) is less than a second. Average time of 
decryption of passport (server side) is about 2 seconds, so it is 
reasonable to predict that network delays would be more 
significant. Besides, servers are usually more powerful than the 
client computers. 

2 5 A further aspect of the present invention provides software 

for working preferably in the Windows or a Macintosh environment. 
In particular, a protection icon is preferably provided which an 
authorized user, one whose biometric passport has produced a 
positive comparison, may move and drop on a file of data or 

30 program object to require that future access thereto be permitted 
only when a positive fingerprint comparison has been executed. 
Optionally, the user may input a list of UserlD's to be designated 
as authorized users and for whom access will be allowed. 

In particular, the previously described embodiment of the 

35 biometric input device wherein comparison is performed utilizing 
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fingerprint data can be considered part of the biometric access 
control assembly to be utilized as part of the file securing 
system and method of the present invention. For example, 
preferably the file securing system works in conjunction with a 
computer processor assembly which contains an item to be secured 
thereon. That item to be secured can include any type of file, 
including a data file or an application file. (For the purposes 
of this application, the term file is utilized to designate data 
and/or a complete application and/or a portion thereof) . 

Furthermore, operatively associated with the computer 
processor assembly is a display. Preferably utilizing a specific 
and/or conventional Windows™ and/or Macintosh type operating 
system, the computer processor assembly is structured to represent 
the item to be secured in the form of an icon on the display. 
15 This item icon can be readily viewable, such as on a desktop, or 
may be accessed through a normal browser of the computer processor 
assembly. Additionally, it is understood that a large plurality 
of icons representing a large number of items may be contained by 
the computer processor assembly, however, only one of the possible 
20 many items which are desired to be secured will be referenced in 
the following description in association with an item icon. 

The file securing system of the present invention further 
includes an access control icon, also preferably visible to the 
user on the computer processor assembly. The access control icon 
2 5 is represented on the display of the computer processor assembly 
and is at least temperately, but preferably generally always, 
independent from the item icon that represents the item to be 
secured. The access control icon, however, is preferably 
configured to be moved on the display, preferably in a 
30 conventional manner such as by selecting the access control icon 
and holding down one or more buttons on a mouse type pointer. 
Specifically, the access control icon is structured to be moved 
and/or dragged at least partially into operative proximity with 
the item icon representing the item to be secured. Preferably, 
35 this operative proximity includes an at least partial overlapping 
of the access control icon onto the item icon, said positioning of 
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the access control icon into the operative proximity with the item 
icon resulting in a restriction of subsequent access to the item 
to be secured to only an authorized user. Of course, if desired, 
the item icon can conversely be moved onto the access control icon 
to achieve a similar access restriction. 

Preferably, the. file securing system further includes a 
biometric access control assembly, such as that previously 
recited. The biometric access control assembly therefore includes 
a biometric input device that is operatively associated with the 
computer processor assembly. In this regard the biometric input 
device can be operatively associated with the computer pointer, 
such as the mouse, in the manner previously described and/or can 
be positioned directly in association with the computer processor 
assembly and/or as a separate distinct article. In any such 
15 embodiment, however, the biometric input device is preferably 
structured to identify a biometric identifier of an accessing 
user. Although it is recognized that the biometric identifier can 
include a variety of items, including a retinal image and/or voice 
pattern, is preferred that the biometric identifier comprise a 
20 finger print of the accessing user who wishes to gain access to 
the item that has been secured by the file securing system. 

In identifying the biometric identifier, the biometric access 
control assembly is further structured to at least partially 
determined if the accessing user is an authorized user. This 
25 authorizing user can either be the restricting user, who 
originally moved the access control icon onto the item icon, 
and/or can be a plurality of other authorizing users, either 
designated based on certain security protocols, and/or 
specifically designated by the restricting user. In order to 
30 identify when the accessing user is an authorized user, the 
biometric access control assembly of the file securing system also 
preferably comprises a biometric referenced data storage assembly. 
The biometric reference data storage assembly is preferably part 
of the computer processor assembly, however, it is recognized that 
35 all or part of the biometric access control assembly can be 
independent of the computer processor assembly and/or contained 
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thereby. In particular, the biometric referenced data storage 
assembly maintains biometric reference data relating to at least 
one authorized user, but preferably all authorized users, and 
preferably the referencing user as an authorized user. In this 
5 regard, the biometric access control assembly may be also be 
configured to automatically make the restricting user an 
authorized user and/or can first ensure that a restricting user is 
an authorized user prior to allowing that restricting user to 
limit the access to the item to be secured. In such a manner, 

10 securement of files can only be achieved by authorized users as 
well as subsequent access to the file. Accordingly, preferably 
utilizing the aforementioned comparison and/or matching algorithm 
and/or further effectively secured matching system, the biometric 
input device of the biometric access control assembly includes a 

15 finger print scanner. 

Preferably utilizing the preceding file securing system, the 
present invention also provides for a method of securing an item 
contained on a computer processor assembly. In particular, the 
method includes the initial steps of representing the item to be 

20 secured as an item icon, such as on the computer processor 
assembly display, designating an access control icon, also 
preferably on the computer processor assembly display, selecting 
the access control icon and moving it into operative proximity 
with the item icon, and restricting subsequent access to the item 

25 to only authorized users as a result of that movement of the 
access control icon into operative proximity with the item icon. 
Additionally, in the preferred embodiment wherein the biometric 
access control assembly is included, the method further includes 
the additional steps of storing a quantity of biometric reference 

30 data, such as fingerprint data, corresponding one or more 
authorized users, and identifying a biometric identifier for an 
accessing user that wishes to access the item that has been 
secured. Subsequently, the biometric identifier of the accessing 
user is compared to the biometric referenced data and it is 

35 determined if it correspond the biometric referenced data of at 
least one authorize user so as to permit subsequent access to the 
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item which has been secured. 

Having described preferred embodiments of the invention with 
reference to the accompanying drawings, it is to be understood 
that the invention is not limited to those precise embodiments, 
and that various changes and modifications may be effected therein 
by one skilled in the art without departing from the scope or 
spirit of the invention as defined in the appended claims. 

Now that the invention has been described, 
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Claims 

1. A biometric comparison system comprising: 

a computer having a memory including a reference 
fingerprint data and at least one of file data and application 
. software; 

a display; 

means for representing at least one of file data and 
application software as icons on said display; 

a biometric input device for scanning a fingerprint and 
storing fingerprint data representing said fingerprint into said 
memory; 

comparison means for comparing said fingerprint data 
with said reference fingerprint data and determining a match if a 
similarity threshold is satisfied; 

an access control icon generator permitting a user to 
move an access control icon on said display; 

access control means for controlling access to said at 
least one of file data and application software when a user moves 
said access control icon onto said icon representing said at least 
one of file data and application software whereby access to said 
at least one of file data and application software is permitted 
only if a user scans a fingerprint producing fingerprint data for 
which said comparison means determines matches said reference 
fingerprint data. 

2. A file securing system comprising: 

a computer processor assembly, said computer processor 
assembly including at least one item to be secured thereon; 

a display operatively associated with said computer processor 
assembly; 

said computer processor assembly further structured to 
represent said item to be secured as an icon on said display; 

an access control icon represented on said display of said 
computer processor assembly at least temporarily independent from 
said icon representing said item to be secured; and 

said access control icon structured to be moved on said 
display at least temporarily and at least partially, into 
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operative proximity with said icon representing said item to be 
secured, and being structured to result in a restriction of 
subsequent access to said item to be secured to only an authorized 
user. 

5 3. A file securing system as recited in claim 2 further 

comprising a biometric access control assembly, said biometric 
access control assembly comprising a biometric input device 
operatively associated with said computer processor assembly and 
structured to identify a biometric identifier of an accessing 
10 user, said biometric access control assembly structured to at 
least partially determine if said accessing user is one of said 
authorized users. 

4. A file securing system as recited in claim 3 wherein 
said biometric access control assembly further comprises a 

15 biometric reference data storage assembly structured to maintain 
at least biometric reference data relating to at least one 
authorized user. 

5. A file securing system as recited in claim 4 wherein 
said computer processor assembly at least partially includes said 

20 biometric reference data storage assembly. 

6. A file securing system as recited in claim 4 wherein 
said biometric input device at least partially includes said 
biometric reference data storage assembly. 

7. A file securing system as recited in claim 4 wherein 
25 said biometric access control assembly is structured to compare 

said biometric identifier of said accessing user identified by 
said biometric input device to said biometric reference data. 

8. A file securing system as recited in claim 3 wherein 
said biometric access control assembly is structured to identify 

30 a biometric identifier of a restricting user attempting to move 
said access control icon into operative proximity with said item 
to be secured. 

9. A file securing system as recited in claim 8 wherein 
said biometric access control assembly is structured to designate 

35 said restricting user as one of said authorized users. 

10. A file securing system as recited in claim 8 wherein 
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said biometric access control assembly is structured to permit 
said restricting user to designate said authorized users. 

11. A file securing system as recited in claim 8 wherein 
said biometric access control assembly is structured to permit 

5 said restriction of subsequent access to said item to be secured 
only if said restricting user is identified as one of said 
authorized users. 

12. A file securing system as recited in claim 3 wherein 
said biometric input device comprises a fingerprint scanner. 

10 13. A file securing system as recited in claim 12 wherein 

said biometric input device is operatively associated with a 

computer pointer assembly. 

14. A file securing system as recited in claim 2 wherein 

said item to be secured comprises an application. 
15 15. A file securing system as recited in claim 2 wherein 

said item to be secured comprises a data file. 

16. A file securing system as recited in claim 2 further 
comprising a plurality of said authorized users. 

17. A method of securing an item contained on a computer 
20 processor assembly comprising the steps of: 

representing the item as an item icon; 
designating an access control icon; 

selecting said access control icon and moving said access 
control icon into operative proximity with said item icon; and 
25 restricting subsequent access to the item to only authorized 

users as a result of said movement of said access control icon 
into operative proximity with said item icon. 

18. The method securing an item recited in claim 17 further 
comprising the steps of: 

3 0 storing a quantity of biometric reference data corresponding 

to said authorized user; 

identifying a biometric identifier of an accessing user 
seeking access to the item; 

comparing said biometric identifier of said accessing user to 
35 said biometric reference data; and 

determining if said biometric identifier of said accessing 
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user corresponds said biometric reference data of at least cne of 
said authorized users. 

19. The method securing an item recited in claim 18 wherein 
said step of identifying said biometric identifier of said 
accessing user further comprises scanning a fingerprint of said 
accessing user. 
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